Privacy Policy

Version 1.0.0 · Published May 20, 2026

LINKEDWITHIN

Privacy Policy

Operated by Thrive Strong Group Pty Ltd

ABN: 41 691 205 366  |  ACN: 691 205 366

490 Northbourne Ave, Dickson ACT 2602, Australia

legal@linkedwithin.com


Effective Date: 5 May 2026     Version: 1.0     Last Reviewed: May 2026


Quick Summary (In-App Short Notice)

LinkedWithin collects your profile information, usage data, and — where you choose to share it — health, financial, and belief-related information to help you grow personally and professionally. We use industry-standard encryption to protect your data. We do not sell your personal information. You can access, correct, or delete your data at any time by emailing legal@linkedwithin.com. For the full picture, read on.

1.  About This Policy

This Privacy Policy explains how Thrive Strong Group Pty Ltd (trading as LinkedWithin, "we", "us", or "our") collects, uses, discloses, stores, and protects your personal information when you use the LinkedWithin mobile application and web platform ("Platform").

We are committed to handling your personal information in accordance with:

  • the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
  • the General Data Protection Regulation 2016/679 (GDPR) (to the extent we collect data from persons in the European Economic Area or United Kingdom);
  • the California Consumer Privacy Act 2018 (CCPA) / California Privacy Rights Act 2020 (CPRA) (to the extent we collect data from California residents);
  • the Children's Online Privacy Protection Act (COPPA) and applicable child-safety laws, given our Platform may be accessed by or on behalf of minors.

2.  Who We Are

Legal Entity: Thrive Strong Group Pty Ltd

Trading Name: LinkedWithin

ABN: 41 691 205 366

ACN: 691 205 366

Registered Address: 490 Northbourne Ave, Dickson ACT 2602, Australia

Privacy Contact: legal@linkedwithin.com

3.  What LinkedWithin Does

LinkedWithin is a personal management and growth platform designed to help users better understand themselves, manage their lives, and work toward personal and professional goals. It is not a social media or entertainment application. Core features include goal-tracking, self-reflection tools, progress journalling, community features, appointment booking, content sharing, and — for users who choose to enable it — a Family Section through which account holders may create sub-profiles to monitor the progress of family members (including children).

4.  Information We Collect

4.1  Information You Give Us at Registration

When you create an account we collect:

  • Full name
  • Email address
  • Phone number
  • Date of birth
  • Gender
  • Profile photo
  • Username / display name
  • Street address, city, and country

You may register using email and password, phone number, or via Facebook Login, Google Sign-In, Apple Sign In, or Twitter/X. When you use a social login, we receive the information that the social platform makes available to us (which varies by platform and your privacy settings on that platform).

4.2  Sensitive Information

To the extent you voluntarily provide it — for example, through goal-setting, journalling, or the Family Section — we may collect:

  • Health or medical information (e.g. wellness goals, medical conditions, fitness metrics);
  • Financial account details or financial goals (beyond payment card details);
  • Religious or philosophical beliefs (e.g. spiritual growth goals).

We will always ask for your explicit consent before collecting any sensitive information. You are never required to provide sensitive information to use the Platform's core features. You may withdraw consent at any time by contacting us at legal@linkedwithin.com, though this may limit certain features.

4.3  Family Section — Information About Children and Other Family Members

If you use the Family Section to create a profile for a family member (including a child under 18), you confirm that:

  • You are the parent or legal guardian of that person, or have their informed consent to add their information;
  • You have the authority to provide their personal information to us on their behalf;
  • Where the family member is a child under 13, you provide verifiable parental consent as required under applicable law.

We treat any information entered in the Family Section with the same protections as your own personal information. We do not use a child's personal information for advertising or profiling purposes.

4.4  Information Collected Automatically During Use

When you use the Platform we automatically collect:

  • Approximate location (city/region inferred from IP address);
  • Clicks, interactions, and features used;
  • Time spent on the Platform;
  • Customer support chat records;
  • Device permissions you grant (camera, microphone, photo library, calendar, location while in use, push notifications — see Section 11).

4.5  Information From Third Parties

We may receive information about you from:

  • Social login providers (Facebook, Google, Apple, Twitter/X) — limited to what those platforms share with us;
  • Payment processors (Stripe, PayPal, Apple Pay/Google Pay) — we receive transaction confirmations and limited billing information but not full card numbers, which are handled by those processors directly;
  • AWS (our hosting infrastructure) — server logs and technical diagnostics.

4.6  Cookies and Tracking Technologies

Our web Platform and mobile app may use cookies, pixels, and similar tracking technologies. A detailed Cookie Policy is published separately. At minimum, we use:

  • Essential cookies: necessary for the Platform to function (e.g. session management, authentication);
  • Analytics technologies: to understand how users interact with the Platform and improve performance;
  • Advertising/marketing technologies: to serve and measure personalised advertisements (see Section 7).

You may control cookie preferences through your browser settings or our in-app cookie consent tool (planned).

5.  How We Use Your Information

We use personal information for the following purposes and on the following legal bases:


(a) To provide and operate the Platform (Legal basis — Contract / Legitimate Interests / APP 3):

  • Creating and managing your account;
  • Enabling platform features including goal-tracking, journalling, messaging, community groups, booking, and the Family Section;
  • Processing payments and subscriptions through our third-party payment processors;
  • Providing customer support.


(b) To personalise your experience (Legal basis — Consent / Legitimate Interests):

  • Recommending relevant content and features based on your usage (AI-powered recommendations are planned — see Section 8);
  • Tailoring the Platform to your stated goals and preferences.


(c) To display advertisements (Legal basis — Consent):

We display advertisements from our own business and from third-party advertisers. Where permitted by law, advertisements may be targeted and personalised based on your profile, usage data, and approximate location. You may opt out of personalised advertising at any time through your account settings or by contacting us.


(d) For marketing communications (Legal basis — Consent):

Marketing communications (email, SMS, push notifications) are planned and will only be sent with your prior consent. You may unsubscribe at any time via the unsubscribe link in any communication or through your account settings.


(e) For safety, security, and legal compliance (Legal basis — Legal Obligation / Legitimate Interests):

  • Fraud prevention and detecting misuse of the Platform;
  • Complying with applicable laws and responding to legal process;
  • Enforcing our Terms of Service.


(f) For analytics and Platform improvement (Legal basis — Legitimate Interests):

We analyse aggregated and de-identified usage data to understand how the Platform performs and how to improve it.

6.  AI and Automated Decision-Making

We use artificial intelligence and automated processes in the following ways:

  • Content moderation: automated systems review user-generated content to detect prohibited material before or after it is posted;
  • Content recommendations (planned): AI will analyse your usage patterns and preferences to suggest relevant content, groups, or features.

Automated systems do not make decisions that produce significant legal or similarly significant effects on you without a human review stage. If you believe an automated decision has adversely affected you, you may contact us at legal@linkedwithin.com to request human review.

7.  Advertising

LinkedWithin displays advertisements to users, including personalised advertisements from both LinkedWithin itself and from third-party advertisers. Personalisation is based on your profile information, usage behaviour, and approximate location.

You have the following controls:

  • Opt out of personalised advertising via your account settings;
  • Request that we limit the use of your personal information for targeted advertising (available to California residents as a CPRA right and to EEA/UK residents under GDPR).

We do not sell your personal information to third-party advertisers. Advertisers receive aggregated, non-personally-identifiable information about campaign performance.

8.  Disclosure of Your Information to Third Parties

8.1  Service Providers

We share personal information with the following categories of service providers who process data on our behalf and under our instructions:

  • Cloud hosting and infrastructure: Amazon Web Services (AWS) — servers and data storage;
  • Payment processing: Stripe (credit/debit card transactions); Apple Pay and Google Pay (handled directly by Apple and Google via their respective app store and wallet infrastructure);
  • Social login and authentication: Facebook (Meta), Google, Apple, Twitter/X;
  • Customer support: Resend (transactional email delivery);
  • Analytics: Internal analytics (pseudonymised usage data stored on AWS — no third-party analytics provider is currently used).

8.2  No Sale of Personal Information

We do not currently sell your personal information to third parties. If this changes in the future, we will update this policy and, where required by law, seek your prior consent or provide opt-out mechanisms.

8.3  Legal Disclosures

We may disclose your personal information if required by law, regulation, court order, or government authority, or to protect the rights, property, or safety of LinkedWithin, our users, or the public.

8.4  Business Transfers

If Thrive Strong Group Pty Ltd or the LinkedWithin platform is involved in a merger, acquisition, or sale of assets, your personal information may be transferred. We will provide notice of any such change.

9.  International Data Transfers

Your personal information is stored on servers operated by Amazon Web Services (AWS). The specific server regions where your data is processed and stored include us-east-1 (Northern Virginia, United States).


Regarding these transfers, please note the following:

  • We take steps to ensure that any international transfer of your data is subject to appropriate safeguards, including contractual protections with our service providers.
  • Where we transfer personal information outside of Australia, we take reasonable steps to ensure the recipient handles it in a manner consistent with the Australian Privacy Principles.
  • Where we transfer personal data of EEA or UK residents outside those regions to countries not deemed to have an adequate level of protection, we rely on European Commission Standard Contractual Clauses (SCCs) or other legally approved transfer mechanisms.

10.  Data Retention

We retain your personal information for as long as your account is active and as reasonably necessary to provide the Platform's services. Upon account deletion:

  • Your profile and user-generated content will be Soft-deleted within 30 days of your request (your account is deactivated and made inaccessible immediately; underlying records are permanently purged after 90 days, once any active database backups containing that data have expired);
  • We may retain certain data for a limited period for backup, fraud prevention, dispute resolution, or legal compliance purposes;
  • Financial and transaction records may be retained for the period required by Australian taxation and accounting law (generally 7 years);
  • After the applicable retention period, your personal information will be securely deleted or de-identified.

11.  Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Security measures include:

  • Encryption of data in transit using HTTPS/TLS;
  • Encryption of data at rest on our servers;
  • Access controls limiting internal access to personal information to authorised personnel on a need-to-know basis;
  • Bcrypt password hashing (industry-standard one-way hashing for all stored passwords);
  • JWT-based authentication using httpOnly and Secure cookies (prevents client-side JavaScript access to session tokens);
  • Server-side input validation (Zod); role-based access controls for administrative functions; structured security logging (Winston); non-root container deployment on AWS.

No system is completely secure. If you suspect unauthorised access to your account, please contact us immediately at legal@linkedwithin.com.

12.  Device Permissions (Mobile App)

The LinkedWithin mobile app (available on iOS and Android) may request the following device permissions. You can manage these at any time through your device settings:

  • Camera: to allow you to take and upload photos or videos;
  • Photo Library: to allow you to select and upload existing media;
  • Microphone: to allow you to record audio content;
  • Location (while using app): to provide location-based features and approximate location data;
  • Calendar: to allow integration with scheduling and appointment features;
  • Push Notifications: to send you service and (with your consent) marketing notifications.

You may deny or revoke any permission at any time. Revoking a permission may disable features that rely on it.

13.  Your Privacy Rights

13.1  All Users (Australian Privacy Principles)

Under the Privacy Act 1988 (Cth) you have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate, incomplete, or out-of-date information;
  • Complain about a breach of the APPs (see Section 16).

13.2  European Economic Area and UK Users (GDPR / UK GDPR)

If you are located in the EEA or UK, you additionally have the right to:

  • Erasure ('right to be forgotten') — request deletion of your personal data;
  • Restriction of processing — request that we limit how we process your data;
  • Data portability — receive your personal data in a structured, machine-readable format;
  • Object to processing — object to processing based on legitimate interests or for direct marketing;
  • Withdraw consent — withdraw any consent you have given at any time, without affecting prior processing;
  • Lodge a complaint with a supervisory authority in your country of residence.

13.3  California Residents (CPRA)

If you are a California resident, you additionally have the right to:

  • Know what personal information we collect, use, disclose, and sell;
  • Delete your personal information (with certain exceptions);
  • Correct inaccurate personal information;
  • Opt out of the sale or sharing of personal information;
  • Limit the use of sensitive personal information;
  • Non-discrimination for exercising your privacy rights.

To submit a California privacy request, contact us at legal@linkedwithin.com with the subject line "California Privacy Request".

13.4  How to Exercise Your Rights

To exercise any of the above rights, please contact us at legal@linkedwithin.com. We will respond within 30 days (or the shorter period required by applicable law). We may need to verify your identity before processing your request.

14.  User-Generated Content

LinkedWithin allows users to create, upload, and share content including text, photos, videos, audio, and documents. Please be mindful that:

  • Content you post publicly is visible to other users of the Platform;
  • Content you post to a limited audience is visible to the audience you select;
  • You retain full ownership of content you create and upload on the Platform;
  • By posting content, you grant LinkedWithin a non-exclusive, royalty-free, worldwide licence to host, store, transmit, and display your content solely as necessary to provide the Platform's services.

You may delete your own content at any time through the Platform. What happens to your content following account deletion is set out in Section 10.

15.  Children's Privacy

We recognise the importance of protecting children's privacy. With respect to our Family Section:

  • Account holders who add a family member under 18 to their account must be the parent or legal guardian of that person or have appropriate authority;
  • We do not knowingly collect personal information directly from children under 13 without verifiable parental consent;
  • We do not use personal information relating to children for targeted advertising, profiling, or any purpose beyond providing the Family Section's educational and progress-monitoring features;
  • Parents or guardians may request access to, correction of, or deletion of a child's information by contacting us at legal@linkedwithin.com.

If you believe we have inadvertently collected personal information from a child without proper consent, please contact us immediately at legal@linkedwithin.com and we will take prompt steps to delete it.

16.  Complaints and How to Contact Us

If you have a concern or complaint about how we have handled your personal information, please contact us first:


Email: legal@linkedwithin.com

Post: Privacy Officer, Thrive Strong Group Pty Ltd, 490 Northbourne Ave, Dickson ACT 2602, Australia


We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

If you are not satisfied with our response, you may lodge a complaint with:

  • Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au — for Australian residents;
  • Your national data protection authority — for EEA/UK residents;
  • The California Attorney General's Office — for California residents.

17.  Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, legal requirements, or for other operational reasons. When we make a material change, we will:

  • Post the updated Policy on the Platform with a new "Last Reviewed" date;
  • Notify registered users by email or in-app notification.

Your continued use of the Platform after a change is posted constitutes your acceptance of the updated Policy. If you disagree with a change, you should stop using the Platform and may request deletion of your account.

18.  Third-Party Links and Services

The Platform may contain links to third-party websites, social media platforms, or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through the Platform.

19.  Governing Law

This Privacy Policy is governed by the laws of the Australian Capital Territory and the Commonwealth of Australia. Where applicable, we also comply with the laws of the jurisdictions in which our users reside, including the GDPR (EU/UK) and CCPA/CPRA (California, USA).

20.  Contact Us

For any questions about this Privacy Policy or your personal information:


LinkedWithin Privacy Team

Email: legal@linkedwithin.com

Address: 490 Northbourne Ave, Dickson ACT 2602, Australia

Business Hours: Monday to Friday, 9:00 am – 5:00 pm AEST




© 2026 Thrive Strong Group Pty Ltd (ABN 41 691 205 366). All rights reserved.

LinkedWithin is a trading name of Thrive Strong Group Pty Ltd.

Privacy Policy | LinkedWithin